Antonio Francesco Sardella

The advisory of the authenticated command injection I found on Cacti 1.2.24 has been published (CVE-2023-39362).

https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp

#security #cybersecurity #websecurity #appsec #applicationsecurity #hacking #responsibledisclosure #exploit #cacti #rce #commandinjection #remotecommandexecution #cve202339362

Authenticated command injection when using SNMP options

### Summary In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remo...

GitHub
Sep 5, 2023 at 7:10pmWeb